12-06-2003 07:35 AM - edited 03-09-2019 05:46 AM
When I fire my IDS, I can see many false positives from VMS, such as IDS Evasive Encoding and Long WebDAV Request from my Cisco cache engines, Nmap UDP Port Sweep from my DNS servers, and Sendmail Data Header Overflow from my Exchange servers. How can I tune my IDS to cut down that noise?
12-07-2003 03:15 PM
You will need to create filters for your sensor.
Here is a link to the IDS MC documentation for creating filters:
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/mgt_ids/idsmc12/ug/ch05.htm#893883
If you are using IDM refer to the following link for version 4.1:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#31156
Or the following link for version 3.1:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids8/13876_01.htm#xtocid38
12-15-2003 11:00 AM
Nmap UDP Port Sweep could not be filtered out from my DNS server in VMS, any ideas?